Sponsored Ads

The Web Security Mailing List

"The botnet, or collection of compromised PCs, can decipher Live
Hotmail's CAPTCHA (Completely Automated Public Turing Test to Tell
Computers and Humans Apart) registration safeguard in about 20 seconds,
said Websense Inc. security researcher Sumeet Prasad.

CAPTCHA
is the term for the distorted characters that many Web sites, such as
e-mail services and blogs, use to prevent spammers and cyber criminals
from creating massive numbers of new accounts. Those accounts are used
to send junk mail or messages that try to dupe people into visiting
malicious sites, and are valuable because spam filters rarely block the
"hotmail.com" domain address.

Last fall, Microsoft revamped the
CAPTCHA protection for Live Hotmail after earlier versions had been
busted by hackers. Its newest defense has now fallen to a similar
attack, said Prasad. "Every time Microsoft implements CAPTCHA changes
to combat abuse of their services, the spammers adapt to those
changes," Prasad said in an entry to the Websense security labs blog .

Although
the newest automated CAPTCHA-cracking tactics are similar in some ways
to those used previously by criminals, Prasad noted that the hackers
are now using encryption to mask the instructions sent to the bots."